[tor-relays] OS diversity of tor relays (was Re: Relay uptime versus outdated Tor version)

Duncan dguthrie at posteo.net
Sat Aug 19 08:56:31 UTC 2017 

Firstly, a note of caution: I am not affiliated with the Tor project.

Scott Bennett:
> Duncan <dguthrie at posteo.net> wrote:
> 
>> In theory hot-patching kernels is a great idea.
>> 
>> However, they're technically not loading a new kernel. Something like
>> kexec in theory lets one load a new kernel.
>> 
>> Furthermore, these hot-patching programs usually only support Linux. 
>> If
>> we want to increase the diversity of the Tor network, as we most
>> certainly should, then we need more BSD relays, so these hot-patching
>> programs don't cut it.
>> 
>      The tor project has made the point that OS diversity is important,
> but it has failed to show the courage of its conviction.  It commits 
> great
> effort to maintain a "safe" tor browser for the OS for which tor relays
> currently abound, yet still offers no version of that browser to entice
> *BSD, Solaris, MINIX, or other OS users to run tor relays.  Instead, 
> such
> users are apparently expected either to use clearly unsafe browsers or 
> to
> run VMs of other than their native OS to run a safe browser.  The tor
> community is thus very lucky for what diversity of relay OS currently 
> exists.

If I may, the point of diversifying the network is *not* to "entice" 
BSD/Solaris/MINIX users, the number of which, even compared to Linux, 
which is quite low, is astonishingly small. I'd argue more effort should 
actually be put into hardening Tor Browser for Windows, as it is on 
Linux that much of the hardening efforts are currently being focused, 
unfortunately.

The point is that as it stands, serious bugs that affect Linux currently 
affect the entirety of the Tor network. As a mono-culture, this could 
cause problems in the future, especially as the network expands. This is 
an issue for client users too, certainly. However, it is not clear that 
there would be a benefit to providing builds to operating systems with a 
very low number of users. I'm sure there are people using BeOS or Plan 9 
which want to use Tor Browser, after all. They can always compile it 
from source if they wish (whether it would run is another matter, but 
that is work that would take away from helping a greater number of 
users).

That being said, there is in fact the very good TorBSD project which 
provides Tor Browser builds for OpenBSD. I do not know what the 
situation with FreeBSD is, but that provides a Linux compatibility 
layer, which I've heard Tor Browser works with. Here it is: 
http://torbsd.github.io/

>      I've pointed this problem out several times, but to the best of my
> memory, none of the tor developers has ever responded on this issue.
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************

Best,
Duncan

More information about the tor-relays mailing list